How to disable drive and clipboard redirection and lock down the d/top for some users only

I'd like to selectively lock down the desktop for some users only on a Remote Desktop Session Host. I have tried setting the Group Policy Object Editor:
Computer Configuration | Administrative Templates | Windows Components | Remote Desktop Services | Remote Desktop Session Host | Device And Resource Redirection
Also tried the "Remote Desktop Session Host Configuration" tool.
Trouble is, it applies to everyone. Is this possible on a Windows 2008 R2 terminal server?
Asked by: nextsoln
 
Ackles commented:
Alright, there are certain things which are left to assumption, so let's first sort them out...

Please create an OU for your TS, drag the Server in it & then on that OU apply the policy: User Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection.

http://technet.microsoft.com/en-us/library/ee791787(WS.10).aspx

Now, if there is something conflicting coming from any upper level (which is not enforced) then you can block inheritance.

Now since you have this as a User policy, please enable Loopback Policy on this.

After this, go to the Delegation Tab & "Deny" Apply Group Policy for the Group you don't want the policy to be applied.

Most important thing: after you have done all this, "Reboot" the Server, as you moved it to the new OU & it needs to understand the location.

all the best,
A

getofmeland commented:
You will need to do a user configuration group policy based on users to be able to do this and then apply it to a security group, rather than authenticated users.

nextsoln (author) commented:
In the user configuration there is an option for the clipboard but not the drives that I can see. I suppose there are two locations, the Remote Desktop Session Host Configuration that I would remove the option to disable the drive redirection and the clipboard. I could then use the GPO to lock them down based on the user configuration and apply that to the server OU and the specific security group I have created. The problem is that I have tried this and it still doesn't work. Am I missing something?
 
getofmeland commented:
Do your users only use RDS, or do they log on to other hosts?

Do they have other Group Policies applied to them?
 
nextsoln (author) commented:
The users operate 95% of the time on the TS.
Yes, we have a variety of GPOs that are applied to users.
Yes, I have enabled the loopback processing, to no avail.
I suppose the question would be, is it certainly possible to achieve. Theoretically it should all work but do you happen to know if this is possible to achieve and hence I have mis-configured something?

Ackles commented:
As for Drive Redirection:
It is only in:
Computer Configuration | Administrative Templates | Windows Components | Remote Desktop Services | Remote Desktop Session Host | Device And Resource Redirection > Do not allow Drive Redirection.

That means, anyone going on it will get it.

A

Ackles commented:
Any news?
A
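
A scripted version of the setup discussed in this thread, as an added example that is not from any of the posters: the clipboard restriction is set per user and scoped to one security group through loopback processing and security filtering, while drive redirection, which exists only as a computer setting, is applied to every session on the host. The GPO names, OU path and group name are placeholders (assumptions), and the registry value names should be checked against the Terminal Services ADMX on your server before use.

```powershell
# Added example, not from the thread. Placeholders (assumptions): GPO names, OU path, group name.
Import-Module GroupPolicy

$tsOu      = 'OU=Terminal Servers,DC=example,DC=com'   # OU that holds the RD Session Host
$lockGroup = 'TS-Locked-Down-Users'                    # users who should be restricted
$tsKey     = 'Software\Policies\Microsoft\Windows NT\Terminal Services'

# 1. Computer-side GPO, default filtering so the server itself applies it.
$computerGpo = 'TS - Computer settings'
New-GPO -Name $computerGpo | Out-Null
# Loopback processing: UserPolicyMode 1 = Merge, 2 = Replace.
Set-GPRegistryValue -Name $computerGpo -Type DWord -Value 1 `
    -Key 'HKLM\Software\Policies\Microsoft\Windows\System' -ValueName 'UserPolicyMode' | Out-Null
# "Do not allow drive redirection" is a Computer Configuration setting only,
# so it affects every session on the host regardless of group membership.
Set-GPRegistryValue -Name $computerGpo -Type DWord -Value 1 `
    -Key "HKLM\$tsKey" -ValueName 'fDisableCdm' | Out-Null
New-GPLink -Name $computerGpo -Target $tsOu | Out-Null

# 2. User-side GPO, linked to the same OU and picked up through loopback.
$userGpo = 'TS - Locked-down users'
New-GPO -Name $userGpo | Out-Null
# "Do not allow clipboard redirection" also exists under User Configuration.
Set-GPRegistryValue -Name $userGpo -Type DWord -Value 1 `
    -Key "HKCU\$tsKey" -ValueName 'fDisableClip' | Out-Null

# Security filtering: Authenticated Users keep Read only, the group gets Apply.
# (Set-GPPermissions is the 2008 R2 cmdlet name; later releases keep it as an alias.)
Set-GPPermissions -Name $userGpo -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace | Out-Null
Set-GPPermissions -Name $userGpo -TargetName $lockGroup -TargetType Group `
    -PermissionLevel GpoApply | Out-Null
New-GPLink -Name $userGpo -Target $tsOu | Out-Null

# 3. Review the resulting filter on the user GPO.
Get-GPPermissions -Name $userGpo -All | Select-Object Trustee, Permission
```

After a `gpupdate /force` on the session host, running `gpresult /r /scope user` in a test user's session shows whether the user GPO was applied or filtered out.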